EAST FCS ATM Physical Attacks Seminar 2018

An EAST FCS ATM Physical Attacks Seminar was held on 10th October 2018 in London, co-located with RBRs ATM & Cyber Security 2018 Conference.  The interactive and successful event followed the basic structure of work group meetings held by the EAST Expert Group on ATM & ATS Physical Attacks (EGAP).  This group, which meets twice a year, provides a platform for law enforcement and the private sector to come together and share attack information, trends and statistics in a structured manner.

An introduction to EGAP by the Chair, Graham Mott, was followed by a presentation by EAST Development Director Rui Carvalho, covering the latest EAST physical attack statistics from the H1 2018 European Payment Terminal Crime Report.  This highlighted that ATM related physical attacks were up 21% (from 1,696 to 2,046 incidents).  Attacks due to ram raids and ATM burglary were up 26% (from 470 to 590 incidents) and ATM explosive attacks (including explosive gas and solid explosive attacks) were up 2% (from 481 to 490 incidents).  Losses due to ATM related physical attacks were €15.1 million, a 24% increase from the €12.2 million reported during the same period in 2017.

Gertjan Kaijen of Europol then gave a high level view of the ATM Physical attack situation across Europe which was followed by national law enforcement updates from the following countries:

  • France – by Gilles Weintz of the Gendarmerie Nationale
  • Netherlands – by Niels Uljee of the Dutch Police
  • Portugal – by Bruno Sergio Nobre Viegas of the Policia de Seguranca Publica
  • Spain – by Daniel Zorzo Lopez of the Guardia Civil
  • UK – by Neil Smyth of the Metropolitan Police Service

These were followed by a talk from Marco Spoldi of MIB on the Italian experience of ATM Physical attacks, sharing what has been done in Italy to counter them.

ATM physical attacksThe Seminar concluded with a Question and Answer session chaired by Graham Mott and with Rui Carvalho, Gertjan Kaijen, Bruno Ricardo (Feerica), Daniel Zorzo Lopez and Adrian Roberts (West Midlands Police) on the Panel.

Attendance at the regular EAST EGAP work group meetings is limited and this event enabled active participation and input from a much wider pool of expertise.  Due to the positive response received from delegates, this ATM Physical Attacks Seminar is expected to be repeated in 2019.

More information on the event, which was sponsored by Feerica and Lockpoint, can be found on the EAST Events Website


2018 EAST FCS ATM Physical Attack Seminar Sponsors

 

Card fraud losses fall to 13 year low

EAST has just published a European Payment Terminal Crime Report covering the first six months of 2018 which reports that losses due to card fraud at payment terminals have fallen to the lowest level since 2005.

Total losses of €107 million were reported and the decrease is primarily due to a fall in losses due to card skimming (down from €118 million to €104 million). Overall payment terminal related fraud incidents were down 43% (from 11,934 to 6,790). Within this total card skimming incidents were down 19% (from 1,221 to 985) and well below the peak of 5,743 incidents reported during the same period in 2010.

EAST Executive Director Lachlan Gunn said, “The significant drop in card skimming incidents and losses reflects the continued effectiveness of EMV, as well as the work that has been put in by payment terminal deployers and card issuers with regard to counter-measures such as geo-blocking, fraud monitoring capabilities and fraud detection. Europe led the way with EMV, which is now a global standard, and all stakeholders in the payment card industry are benefitting from the increased security.”

Logical attacks against ATMs were down 46% (from 114 to 61) and all the reported ‘jackpotting’ attacks were ‘black box’ attacks.  Related losses were down 83% (from €1.51 million to €0.25 million) reflecting the fact that many of these attacks are unsuccessful.

ATM related physical attacks were up 21% (from 1,696 to 2,046 incidents).  Attacks due to ram raids and ATM burglary were up 26% (from 470 to 590 incidents) and ATM explosive attacks (including explosive gas and solid explosive attacks) were up 2% (from 481 to 490 incidents).  Losses due to ATM related physical attacks were €15.1 million, a 24% increase from the €12.2 million reported during the same period in 2017.

The average cash loss per explosive or gas attack is estimated at €14,748, the average cash loss for a robbery is €14,613 per incident and the average cash loss for a ram raid or burglary attack is €12,275.  These figures do not take into account collateral damage to equipment or buildings, which can be significant and often exceeds the value of the cash lost in successful attacks.

A summary of the report statistics under the main headings is in the table below.

card fraud

The full Crime Report is available to EAST Members (National and Associate)

ATM Physical Attacks

ATM Physical attacks remain a significant issue for ATM owners and other stakeholders (both public and private sector) in Europe and elsewhere, with explosive attacks (gas and solid explosive) of particular concern.  On 10th October 2018 the EAST Expert Group on ATM & ATS Physical Attacks (EAST EGAP) will hold an open Financial Crime & Security (FCS) Seminar in London to focus on the issue.  EAST EGAP is chaired by Graham Mott of the LINK Scheme.

EAST Executive Director Lachlan Gunn said ‘EAST EGAP was formed as a working group in 2014 and will hold its 10th Meeting on Tuesday 4th September 2018 in The Hague.  Attendance at EAST EGAP meetings is restricted in accordance with the group’s Terms of Reference, which makes the coming FCS Seminar in October a great opportunity for all those affected by, or concerned about, ATM physical attacks to engage with EAST’.

This interactive event follows the basic structure of EAST EGAP Member meetings.  An introduction to the Group will be followed by presentation of the latest EAST Physical Attack Statistics (H1 2018).  Then Gertjan Kaijen of Europol will give an update on the ATM physical attack situation in Europe, which will be followed by Law Enforcement updates from several of the key European markets.  After a networking break there will a session on the steps taken in Italy to counter ATM explosive attacks (gas and solid), and the event will conclude with a Q&A session on all attack types and counter-measures.  The event is co-located with RBR’s ATM & Cyber Security 2018 Conference.  See the full programme here.

Attendance at EAST EGAP meetings is limited, as it is a working group, and this EAST FCS Seminar enables wider participation and the opportunity for all attendees to engage with the Group and its organisers.


The Seminar is sponsored by:

 

 

EAST Publishes European Fraud Update 2-2018

FraudEAST has published its second European Fraud Update for 2018.  This is based on country crime updates given by representatives of 18 countries in the Single Euro Payments Area (SEPA), and 3 non-SEPA countries, at the 45th EAST meeting held in The Hague on 6th June 2018.

Payment fraud issues were reported by fifteen countries.  Seven countries reported card-not-present (CNP) as a key fraud driver.  Two countries reported attempted ‘Forced Post’ fraud, possible when some point of sale (POS) terminals allow the ‘force sale’ functionality.  One country reported a new form of malware on android mobile phones, distributed with a fake application uploaded from third-party android stores.  Another country reported cases of SIM swap fraud, where fraudsters authorise a bank transfer by switching the customer’s mobile phone number over to a new SIM and intercept the authorisation message.  To date in 2018 the EAST Payments Task Force (EPTF) has published five Payment Alerts covering phishing, malware on mobile phones, fraudulent mobile Apps and CNP fraud.

ATM malware and logical security attacks were reported by nine countries.  Five of the countries reported ATM related malware.  In addition to Cutlet Maker (used for ATM cash-out) a new variant called WinPot has been reported – this is used to check how many banknotes are in an ATM.  Six countries reported the usage (or attempted usage) of ‘black-box’ devices to allow the unauthorised dispensing of cash.  To date in 2018 the EAST Expert Group on All Terminal Fraud (EGAF) has published seven related Fraud Alerts. To help counter these threats Europol, supported by EAST EGAF, has published a document entitled ‘Guidance and Recommendations regarding Logical attacks on ATMs’.  It covers mitigating the risk, setting up lines of defence and identifying and responding to logical attacks.  This is available in four languages: English, German, Italian and Spanish.

Card skimming at ATMs was reported by fourteen countries.  For the first time one country reported the arrest of a Chinese national in connection with such attacks.  The usage of M3 – Card Reader Internal Skimming devices remains most prevalent.  This type of device is placed at various locations inside the motorised card reader behind the shutter.  Six countries reported such attacks.  One country reported the use of M2 – Throat Inlay Skimming Devices.  Skimming attacks on other terminal types were reported by five countries, four of which reported such attacks on unattended payment terminals (UPTs) at petrol stations.  To date in 2018 EAST EGAF has published ten related Fraud Alerts.

Year to date International skimming related losses were reported in 31 countries and territories outside SEPA and in 3 within SEPA.  The top three locations where such losses were reported remain Indonesia, the USA and India.

Three countries reported incidents of Transaction Reversal Fraud (TRF), two of which reported new attack variants.  To date in 2018 EAST EGAF has published four related Fraud Alerts.

Ram raids and ATM burglary were reported by eight countries.  Six countries reported explosive gas attacks, one of which reported such attacks against ATS machines for the first time.  Another reported that explosive gas attacks against ATMs have started for the first time.  Five countries reported solid explosive attacks.  The spread of such attacks is of great concern to the industry due to the risk to life and to the significant amount of collateral damage to equipment and buildings.  To date in 2018 the EAST Expert Group on ATM & ATS Physical Attacks (EGAP) has published five related Physical Attack Alerts.

The full Fraud Update is available to EAST Members (National and Associate).

EAST Publishes European Fraud Update 1-2018

EAST Fraud Update 1-2018EAST has just published its first European Fraud Update for 2018.  This is based on country crime updates given by representatives of 18 countries in the Single Euro Payments Area (SEPA), and 4 non-SEPA countries, at the 44th EAST meeting held in Frankfurt on 7th February 2018.

Payment fraud issues were reported by fifteen countries.  Seven countries reported increases in card-not-present (CNP) fraud related to ecommerce merchants in China.  Phishing activity was reported by four countries and one of them reported phishing attacks through advertisements placed on social media sites.  The EAST Payments Task Force (EPTF) issued a first Payment Alert in January 2018.  This covered a phishing email sent to employees of banking and financial institutions, which contained malware intended to exploit the local network and gain access to Swift services.

ATM malware and logical security attacks were reported by ten countries.  Five of the countries reported ATM related malware and one country reported the first successful Cutlet Maker cash-out attack in Western Europe.  To date in 2018 the EAST Expert Group on All Terminal Fraud (EGAF) has published two related Fraud Alerts.  Seven countries reported the usage (or attempted usage) of ‘black-box’ devices to allow the unauthorised dispensing of cash.  To help counter these threats Europol, supported by EAST EGAF, has published a document entitled ‘Guidance and Recommendations regarding Logical attacks on ATMs’.  It covers mitigating the risk, setting up lines of defence and identifying and responding to logical attacks.  This is available in four languages: English, German, Italian and Spanish.

Card skimming at ATMs was reported by sixteen countries.  The usage of M3 – Card Reader Internal Skimming devices is most prevalent.  This type of device is placed at various locations inside the motorised card reader behind the shutter.  Five countries reported such attacks.  Skimming attacks on other terminal types were reported by five countries, all of which reported such attacks on unattended payment terminals (UPTs) at petrol stations.  One country also reported the use of card shimming devices at POS terminals.  To date in 2018 EAST EGAF has published three related Fraud Alerts.

Year to date International skimming related losses were reported in 40 countries and territories outside SEPA and in 7 within SEPA.  The top three locations where such losses were reported remain the USA, Indonesia and India.

Five countries reported incidents of Transaction Reversal Fraud (TRF).  Two countries reported a continued increase in such attacks and two countries reported new modus-operandi.  To date in 2018 EAST EGAF has published two related Fraud Alerts.

Ram raids and ATM burglary were reported by ten countries and, to date in 2018, the EAST Expert Group on ATM & ATS Physical Attacks (EGAP) has published one related ATM Physical Attack Alert.  Eight countries reported explosive gas attacks and six countries reported solid explosive attacks.  The spread of such attacks is of increasing concern to the industry due to the risk to life and to the significant amount of collateral damage to equipment and buildings.

The full Fraud Update is available to EAST Members (National and Associate).

EAST Publishes European Fraud Update 3-2017

Fraud UpdateEAST has published its third European Fraud Update for 2017.  This is based on country crime updates given by representatives of 15 countries in the Single Euro Payments Area (SEPA), and 5 non-SEPA countries, at the 43rd EAST meeting held in Edinburgh on 4th October 2017.

Payment fraud issues were reported by eleven countries.  One country reported that a fake P2P website was used to get funds illegally, which are then transferred to genuine cards for cash withdrawal.  Card-Not-Present (CNP) fraud shows a significant increase in fake websites, such as ticketing sites.  Data acquired through social engineering is used immediately by criminals to make fund transfers to money mule accounts.  The EAST Payments Task Force (EPTF) is looking at security issues affecting payments with a view to the gathering, collation and dissemination of related information, trends and general statistics.

ATM malware and logical security attacks were reported by seven countries.  To date in 2017 EAST has published fourteen related Fraud Alerts.  Two of the countries reported ATM related malware and all seven reported the usage (or attempted usage) of ‘black-box’ devices to allow the unauthorised dispensing of cash.  To help counter these threats Europol, supported by the EAST Expert Group on All Terminal Fraud (EGAF), has published a document entitled ‘Guidance and Recommendations regarding Logical attacks on ATMs’.  It covers mitigating the risk, setting up lines of defence and identifying and responding to logical attacks.  This is available in four languages: English, German, Italian and Spanish.

Card skimming at ATMs was reported by thirteen countries.  The usage of M3 – Card Reader Internal Skimming devices is most prevalent.  This type of device is placed at various locations inside the motorised card reader behind the shutter.  Four countries reported such attacks and, to date in 2017, EAST has published ten related Fraud Alerts.

Year to date International skimming related losses were reported in 53 countries and territories outside of the Single Euro Payments Area (SEPA) and in 10 within SEPA.  The top three locations where such losses were reported are the USA, Indonesia and India.

Skimming attacks on other terminal types were reported by eight countries and four countries reported such attacks on unattended payment terminals (UPTs) at petrol stations.

Six countries reported incidents of Transaction Reversal Fraud (TRF).  One country reported a continued increase in such attacks and two countries reported a new modus-operandi.

Ram raids and ATM burglary were reported by ten countries and eight countries reported explosive gas attacks.  To date in 2017 EAST has published eleven related ATM physical attack alerts.  The use of solid explosives continues to spread and six countries reported such attacks.  This is of increasing concern to the industry due to the risk to life and to the significant amount of collateral damage to equipment and buildings.

The full Fraud Update is available to EAST Members (National and Associate).

EAST Publishes European Fraud Update 2-2017

EAST has published its second European Fraud Update for 2017.  This is based on country crime updates given by representatives of 21 countries in the Single Euro Payments Area (SEPA), and 5 non-SEPA countries, at the 42nd EAST meeting held at Europol on 7th June 2017.

Payment fraud issues were reported by ten countries.  One country reported a new fraud type where the card Primary Account Number (PAN) is compromised in China, leading to fraud in China.  In these cases the CPP is sometimes detected, but most of the time it is not.  Another country reported data compromise due ‘vishing’ attacks (voice phishing), ‘phishing’ websites and ‘SMiShing’ (SMS phishing).  The EAST Payments Task Force (EPTF) is looking at security issues affecting payments with a view to the gathering, collation and dissemination of related information, trends and general statistics.

ATM malware and logical security attacks were reported by fifteen countries.  To date in 2017 EAST has published ten related Fraud Alerts.  Two of the countries reported ATM malware and fourteen reported the usage (or attempted usage) of ‘black-box’ devices to allow the unauthorised dispensing of cash.  Five countries reported ‘black box’ attacks for the first time, further indication that this attack type is continuing to spread.  To help counter these threats Europol, supported by the EAST Expert Group on All Terminal Fraud (EGAF), has published a document entitled ‘Guidance and Recommendations regarding Logical attacks on ATMs’.  It covers mitigating the risk, setting up lines of defence and identifying and responding to logical attacks.  This is available in four languages: English, German, Italian and Spanish.

Card skimming at ATMs was reported by nineteen countries.  The usage of M3 – Card Reader Internal Skimming devices continues to spread.  This type of device is placed at various locations inside the motorised card reader behind the shutter.  Nine countries reported such attacks and, to date in 2017, EAST has published six related Fraud Alerts.

International skimming related losses were reported in 49 countries and territories outside of the Single Euro Payments Area (SEPA) and in 9 within SEPA.  The top three locations where such losses were reported are the USA, Indonesia and the Philippines.

Skimming attacks on other terminal types were reported by ten countries and five countries reported such attacks on unattended payment terminals (UPTs) at petrol stations.  Two countries reported the usage of card reader internal shimming devices at POS terminals.

Eight countries reported incidents of Transaction Reversal Fraud (TRF).  One country reported a significant increase in such attacks and two countries reported such attacks for the first time.

Ram raids and ATM burglary were reported by nine countries and nine countries reported explosive gas attacks.  To date in 2017 EAST has published nine related ATM physical attack alerts.  The use of solid explosives continues to spread and six countries reported such attacks.  This is of increasing concern to the industry due to the risk to life and to the significant amount of collateral damage to equipment and buildings.

The full Fraud Update is available to EAST Members (National and Associate).

The Evolution of ATM Explosive Attacks (Gas and Solid Explosive)

ATM Explosive attacksExplosive attacks on ATMs are a rising problem in Europe and in many other parts of the world.  In a report covering the first six months of 2016 EAST reported a total of 492 explosive attacks in Europe, a rise of 80 percent compared to the same period in 2015.  Such attacks do not just present a financial risk due to stolen cash, but also are the cause of significant collateral damage to equipment and buildings.  Of most concern is the fact that lives can also be put in danger, particularly by the usage of solid explosives.  Over the past few years the Netherlands has been particularly hard hit by such attacks.

At the upcoming EAST Financial Crime & Security Forum (EAST FCS 2017) Job Galesloot, Security Officer ING Domestic Banking, will share the Dutch experience and also how neighbouring countries have been impacted.

About Job Galesloot

Job is a specialist in physical crimes against ING Bank branches. His main concerns are explosive gas attacks on ATMs, physical attacks on the bank’s branches and physical or verbal aggression against branch staff.  Since 2015 he is the Physical Security Officer for ING Domestic Banking. Responsible for threat analysis, trend monitoring and development of countermeasures. In 2016 Job chaired the Dutch Banking Association Expert Pool IBNS which tested several IBNS systems. IBNS stands for Intelligent Banknote Neutralisation Systems.

Who Is Attending?

Over 150 delegates will attend from ATM networks, banks, law enforcement, vendors, and EAST national and associate members.

Book soon to ensure you don’t miss this great opportunity to attend what has been described as an “excellent event for helping to make a difference in the area of financial crime prevention”.

There are some sponsor and exhibitor slots still available so, if you are in the business of ATM crime prevention and wish to take a space alongside a key audience, see our Sponsorship Brochure for details.

EAST EGAP holds 7th Meeting at Europol

The EAST Expert Group on ATM Physical Attacks (EGAP) - LogoThe seventh meeting of the EAST Expert Group on ATM Physical Attacks (EGAP) took place on Wednesday 8th March 2017 at Europol in The Hague.

EAST EGAP is a European specialist expert forum for discussion of ATM related physical attack trends, attack methodologies and counter-measures, threat protection, and for the provision of regularly updated lists of manufacturers of ATM protective devices.

The meeting was chaired by Mr Graham Mott and was attended by key representatives from ATM Deployers, ATM Networks, Security Equipment Vendors and Law Enforcement.

EAST EGAP, which meets twice each year, enables in-depth and technical discussion to take place. The areas covered include:

  • The latest incidents and criminal MOs
  • The collection and distribution of best practice guidelines
  • The evolution of threats and counter-measures
  • Lessons from and on law enforcement

The focus of the group is on topics and issues raised by EAST National Members, which represent 35 countries with an installed base of 1,411,870 ATMs. Outputs from EAST EGAP are presented to meetings of EAST National Members.

There will be an EAST EGAP workshop at this year’s EAST Financial Crime & Security Forum (EAST FCS 2017). On Day One of the event Graham Mott will cover ‘Traditional Attacks’, ‘Current Physical Attack Types’, ‘Counter-measures’ and ‘Banknote Degradation’.  The workshop is open to all those attending the Forum. On Day Two of the event there will be a presentation on the ‘Evolution of Explosive Attacks (Gas and Solid Explosives)’ from the Netherlands and a ‘Case Study on Countering Explosive Attacks’ from a Regional Intelligence Unit of the UK Police.

EAST Publishes European Fraud Update 1-2016

EAST - EUROPEAN FRAUD UPDATE 1 - 2016EAST has just published its first European Fraud Update for 2016. This is based on country crime updates given by representatives of 19 countries in the Single Euro Payments Area (SEPA), and 4 non-SEPA countries, at the 38th EAST meeting held in Stockholm on 10th February 2016

Card skimming at ATMs was reported by twenty countries. Criminal usage of M2 – Throat Inlay Skimming Devices appears to be increasing. This type of device is placed inside the card reader throat in front of the shutter. Three countries reported such attacks.

The trend of losses due to skimming occurring outside of EMV Chip liability shift areas continues. International losses were reported in 44 countries and territories outside of the Single Euro Payments Area (SEPA) and in 3 within SEPA. The top three locations where such losses were reported remain the USA, Indonesia and the Philippines.

Skimming attacks on other terminal types were reported by twelve countries and seven countries reported such attacks on unattended payment terminals (UPTs) at petrol stations.

Fifteen countries reported cash trapping attacks and five countries reported transaction reversal fraud (TRF) incidents.

ATM malware and logical security attacks were reported by three countries – two of them reported the successful usage of ‘black-box’ devices to allow the unauthorised dispensing of cash.

Ram raids and ATM burglary were reported by ten countries and ten countries also reported explosive gas attacks, one of them for the first time. One country reported the use of explosive liquid (nitro-glycerine) to blow open an ATM safe – the first time that this has been reported to EAST.

The full Fraud Update is available to EAST Members (National and Associate) and Subscribers.